WHAT IS CLAIMED IS:

1. A compact personal token, comprising:

a USB-compliant interface releaseably coupleable to a host processing device;

a memory;

a processor, communicatively coupled to the memory and communicatively
coupleable to the host processing device via the USB-compliant interface, the
processor for providing the host processing device conditional access to data storable
in the memory; and

a user input device, communicatively coupled to the processor by a path
distinct from the USB-compliant interface, for accepting an input signaling
authorization of a processor operation.

2. The apparatus of claim 1, wherein the path is entirely internal to the
token.

3. The apparatus of claim 1, wherein the processor operation requires
access to private data stored in the memory.

4. The apparatus of claim 3, wherein the private data is designated as
requiring authorization before access by an associated identification stored in the
memory.

5. The apparatus of claim 1, wherein the input device comprises at least
one pressure-sensitive device actuatable from an exterior surface of the token.

6. The apparatus of claim 5, wherein the input device comprises at least
one push-button switch.
7. The apparatus of claim 1, further comprising:

an output device, communicatively coupled to the processor by a second path
distinct from the USB-compliant interface, for prompting a user to provide an
authorization of a processor operation.



8. The apparatus of claim 7, wherein the path and the second path are a
common path.

9. The apparatus of claim 7, wherein the output device prompts the user 
to provide an authorization of the processor operation when processor operation 
requires access to the private data stored in the memory. 

10. The apparatus of claim 7, wherein the output device comprises at least 
one light-emitting device. 

11. The apparatus of claim 7, wherein the output device comprises at least
one aural reproduction device.

12. The apparatus of claim 7, wherein the output device comprises at least
one liquid crystal display (LCD).

13. The apparatus of claim 7, wherein the output device provides an
alphanumeric message indicating that user input is required.

14. The apparatus of claim 13, wherein the alphanumeric message
identifies the processing operation.

15. The apparatus of claim 13, wherein the alphanumeric message
identifies a private key.

16. The apparatus of claim 1, wherein the memory is configured to store
the data in at least one file, wherein:

the file belongs to a file type set comprising:
a data file type for storing non-private data;
a key file type for storing the private data;

the access to the file in the memory is classifiable according to an access type
set including:

a read access type permitting data to be read from the file;
a write access type permitting data to be written to the file; and
the processor provides the conditional access to the memory according to the
file type and the access type.

17. The apparatus of claim 16, wherein the processor provides conditional
access to the memory according to:

                 File Type
Access Type      Data                  Key                   Counter
Read             Conditional Access    No Access             Conditional Access
Write            Conditional Access    Conditional Access    Conditional Access

18. A method of authorizing access to private data stored in a token having
a processor communicatively coupleable to a host processor via a Universal Serial
Bus (USB) interface, comprising the steps of:

accepting a command in the token invoking a processor operation;

accepting a user input signaling authorization of the processor operation via an
input device; and

providing the user input to the processor via a communication path distinct
from the USB-compliant interface.

19. The method of claim 18, further comprising the step of:

determining if the processor operation requires access to the private data
stored in the token; and

prompting the user to authorize the processor operation via an output device
communicatively coupled to the processor if the processor operation requires access
to private data stored in a memory in the token.

20. The method of claim 19, wherein the output device is
communicatively coupled to the processor by a second communication path distinct
from the USB-compliant interface.

21. The method of claim 20, wherein the first path and the second path are
common.

22. The method of claim 20, wherein the step of determining if the
processor requires access to a private key stored in the token comprises the steps of:

determining which data stored in the memory is affected by the processor
operation; and

determining whether the data affected by the processor operation is associated
with an identification designating the data as a private key.

23. The method of claim 20, wherein the path is entirely internal to the
token.



24. The method of claim 20, wherein the input device is a pressure- 
sensitive device actuatable from an exterior surface of the token. 



30074.26USI1 







25. The method of claim 24, wherein the input device is a push-button 
switch actuatable from an exterior surface of the token. 



26. The method of claim 20, wherein the output device comprises at least
one light emitting device.

27. The method of claim 20, wherein the output device comprises at least
one aural reproduction device.

28. The method of claim 20 wherein the output device comprises at least
one liquid crystal display.

29. The method of claim 20, wherein the step of prompting the user to
authorize the processor operation via an output device comprises the step of:

providing an alphanumeric message indicating that user input is required.

30. The method of claim 29, wherein the alphanumeric message identifies
the processing operation.

31. The method of claim 29, wherein the alphanumeric message identifies
the private data.

32. The method of claim 20, wherein the memory is configured to store
the data in at least one file, wherein:

the file belongs to a file type set comprising:
a data file type for storing non-private data;
a key file type for storing the private data;

the access to the file in the memory is classifiable according to an access type
set including:

a read access type permitting data to be read from the file;
a write access type permitting data to be written to the file;
the processor provides the conditional access to the memory according to the
file type and the access type.

33. The method of claim 32, wherein the processor provides conditional
access to the memory according to:

                 File Type
Access Type      Data                  Key                   Counter
Read             Conditional Access    No Access             Conditional Access
Write            Conditional Access    Conditional Access    Conditional Access



34. The method of claim 20, wherein the command is an authorization
request including a challenge value and the processor operation is a hash function
using the challenge value and the private data.

35. A program storage device, readable by a computer, tangibly embodying
at least one program of instructions executable by the computer to perform method steps
of authorizing access to private data stored in a token having a processor
communicatively coupleable to a host processor via a Universal Serial Bus (USB)
interface, the method steps comprising the steps of:

accepting a command in the token invoking a processor operation;

determining if the processor operation requires access to the private data
stored in the token;

prompting the user to authorize the processor operation via an output device
communicatively coupled to the processor by a path distinct from the USB-compliant
interface if the processor operation requires access to a private data stored in a
memory in the token;

accepting a user input signaling authorization of the processor operation via an
input device; and

providing the user input to the processor via a communication path distinct
from the USB-compliant interface.

36. The program storage device of claim 35, wherein the first path and the
second path are common.

37. The program storage device of claim 35, wherein the method step of
determining if the processor requires access to a private key stored in the token
comprises the steps of:

determining which data stored in the memory is affected by the processor
operation; and

determining whether the data affected by the processor operation is associated
with an identification designating the data as the private key.

38. The program storage device of claim 35, wherein the path is entirely
internal to the token.

39. The program storage device of claim 35, wherein the input device is a
pressure-sensitive device actuatable from exterior surface of the token.

40. The program storage device of claim 39, wherein the input device is a
push-button switch actuatable from an exterior surface of the token.

41. The program storage device of claim 35, wherein the output device
comprises at least one light emitting device.

42. The program storage device of claim 35, wherein the output device
comprises at least one aural reproduction device.

43. The program storage device of claim 35, wherein the output device
comprises at least one liquid crystal display.

44. The program storage device of claim 35, wherein the method step of
prompting the user to authorize the processor operation via an output device
comprises the method step of:

providing an alphanumeric message indicating that user input is required.

45. The program storage device of claim 44, wherein the alphanumeric
message identifies the processing operation.

46. The program storage device of claim 44, wherein the alphanumeric
message identifies the private data.

47. The program storage device of claim 40, wherein the memory is
configured to store the data in at least one file, wherein:

the file belongs to a file type set comprising:
a data file type for storing non-private data;
a key file type for storing the private data;

the access to the file in the memory is classifiable according to an access type
set including:

a read access type permitting data to be read from the file;
a write access type permitting data to be written to the file;
the processor provides the conditional access to the memory according to the
file type and the access type.

48. The program storage device of claim 47, wherein the processor
provides conditional access to the memory according to:

                 File Type
Access Type      Data                  Key                   Counter
Read             Conditional Access    No Access             Conditional Access
Write            Conditional Access    Conditional Access    Conditional Access

49. A compact personal token, comprising:

a USB-compliant interface releaseably coupleable to a host processing device;

a memory;

a processor, coupled to the memory and communicatively coupleable to the
host processing device via the USB-compliant interface, the processor for providing
the host processing device conditional access to store and retrieve data storable in the
memory, the data including a personal identification private to the user; and

a user input device, communicatively coupled to the processor by a path
distinct from the USB-compliant interface, for accepting a user input describing the
personal identification.

50. The apparatus of claim 49, wherein the user input device comprises a
character input device.

51. The apparatus of claim 50, wherein the character input device
comprises a wheel having an input position for each character in an input character
set.

52. The apparatus of claim 51, wherein each character is selected by
depression of the wheel.

53. The apparatus of claim 48, wherein the user input device comprises a
first pressure sensitive device actuatable from an exterior side of the token, and a
second pressure sensitive device actuatable from the exterior side of the token,
wherein actuation of the first pressure sensitive device selects a character from a
character set, and actuation of the second pressure sensitive device enters the
character as at least a portion of the personal identification.

54. A method of authentication using a token having a processor
communicatively coupleable to a host processor via a Universal Serial Bus (USB)-
compliant interface, comprising the steps of:

accepting a user input comprising a personal identification via an input device;
and

providing the user input to the processor via a communication path distinct
from the USB-compliant interface.

55. The method of claim 54, further comprising the steps of:

accepting a command in the token invoking a processor operation;

determining if the processor operation requires access to the personal
identification storable in a memory of the token; and

determining if the personal identification is stored in the memory of the token;

prompting the user to enter a personal identification if the processor operation
requires access to the personal identification and the personal identification is not
stored in the memory of the token.

56. The method of claim 54, wherein the step of prompting the user to
enter the personal identification number comprises the step of activating a user output
device via second communication path distinct from the USB-compliant interface.

57. The method of claim 54, wherein the input device comprises a
character input device.

58. The method of claim 57, wherein the character input device comprises
a wheel having an input position for each character in an input character set.

59. The method of claim 58, wherein each character is selected by
depression of the wheel.

60. The method of claim 54, wherein the user input device comprises a
first pressure sensitive device actuatable from an exterior side of the token, and a
second pressure sensitive device actuatable from an exterior side of the token,
wherein actuation of the first pressure sensitive device selects a character from a
character set, and actuation of the second pressure sensitive device enters the
character as at least a portion of the personal identification.

61. A compact personal token, comprising:

a USB-compliant interface releaseably coupleable to a host processing device;

a memory;

a processor, communicatively coupled to the memory and communicatively
coupleable to the host processing device via the USB-compliant interface, the
processor for providing the host processing device conditional access to data storable
in the memory; and

a user input device, communicatively coupled to the processor by a path
distinct from the USB-compliant interface.

62. The apparatus of claim 61, wherein the user input device is configured
to control an operation of the processor.

63. The apparatus of claim 61, wherein the operation comprises an
operation selected from the group comprising:
an encryption operation; and
a decryption operation.

64. The apparatus of claim 61, wherein the operation comprises a digital
signature operation using a private key stored in the memory.

65. The apparatus of claim 61, wherein the input device comprises at least
one pressure-sensitive device actuatable from an exterior surface of the token.

66. The apparatus of claim 61, wherein the input device comprises at least
one push-button switch.

67. The apparatus of claim 61, further comprising an output device,
communicatively coupled to the processor by path distinct from the USB-compliant
interface, for providing information regarding the operation of the processor.

68. The apparatus of claim 67, wherein the output device comprises at
least one light emitting device.

69. The apparatus of claim 67, wherein the output device comprises at
least one liquid crystal display.

70. The apparatus of claim 67, wherein the output device comprises at
least one aural output device.

71. A method of authorizing access to private data stored in a token having
a processor communicatively coupleable to a host processor via a Universal Serial
Bus (USB) interface, comprising the steps of:

accepting a command in the token invoking a processor operation;

accepting a user input to control the processor operation via an input device;
and

providing the user input to the processor via a communication path distinct
from the USB-compliant interface.

72. The method of claim 71, wherein the operation comprises an operation
selected from the group comprising:
an encryption operation;
a decryption operation; and
a digital signature operation using a private key.

73. The method of claim 71, wherein the user input device comprises at
least one pressure sensitive device actuatable from an exterior surface of the token.

74. The method of claim 71, further comprising the step of:

prompting the user to control the processor operation via an output device
communicatively coupled to the processor by a second path distinct from the
USB-compliant interface.

75. The method of claim 74, wherein the path and the second path are
common.

76. The method of claim 74, wherein the output device is selected from the
group comprising:
a light emitting device;
an liquid crystal display; and
an aural reproduction device.

77. A compact personal token, comprising:

a USB-compliant interface releaseably coupleable to a host processing device;

a memory;

a processor, communicatively coupled to the memory and communicatively
coupleable to the host processing device via the USB-compliant interface, the
processor for providing the host processing device conditional access to data storable
in the memory; and

a user output device, communicatively coupled to the USB-compliant
interface.

78. The apparatus of claim 77, wherein the user output device is coupled
to a power signal of the USB-compliant interface.

79. The apparatus of claim 77, wherein the user output device is coupled
to a data signal of the USB-compliant interface.

80. A compact personal token, comprising:

a USB-compliant interface releaseably coupleable to a host processing device;

a memory;

a processor, communicatively coupled to the memory and communicatively
coupleable to the host processing device via the USB-compliant interface, the
processor for providing the host processing device conditional access to data storable
in the memory; and

a user output device, communicatively coupled to the processor.

81. The apparatus of claim 80, wherein the user output device is coupled
to the processor by a path distinct from the USB-compliant interface.

82. The apparatus of claim 80, wherein the user output device is
configured to indicate the operation of the processor.

83. The apparatus of claim 80, wherein the operation comprises an
operation selected from the group comprising:

an encryption operation;

a decryption operation; and

a digital signature operation using a private key.

84. The apparatus of claim 80, wherein the user output device is selected
from a group comprising:

at least one light emitting device;
at least one liquid crystal display,
at least one aural device.

85. The apparatus of claim 80, further comprising an input device,
communicatively coupled to the processor by path distinct from the USB-compliant
interface, for providing information for the operation of the processor.

86. A method of authorizing access to private data stored in a token having
a processor communicatively coupleable to a host processor via a Universal Serial
Bus (USB) interface, comprising the steps of:

accepting a command in the token invoking a processor operation; and
signaling the processor operation via a user output device.

87. The method of claim 86, wherein the operation comprises an operation
selected from the group comprising:
an encryption operation;
a decryption operation; and
a digital signature operation using a private key.

88. The method of claim 86, wherein the user output device is
communicatively coupled to the processor via a communication path distinct from the
USB-compliant interface.

89. The method of claim 86, wherein the user output device is selected
from the group comprising:
at least one light emitting device;
at least one liquid crystal display; and
an aural device.
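
Added example, not part of the claims or of any firmware described in the patent: a small Python model of the access table in claims 17, 33 and 48, the private-key determination of claim 22, and the challenge hash of claim 34, showing that user authorization comes only from the token's own input path and never from a field in the host command. All names (Token, handle, provision, the command dictionary layout) are hypothetical. Assumptions: HMAC-SHA-256 stands in for the unspecified hash function, and "Conditional Access" to non-key files is modeled as granted without a prompt.

```python
import hashlib
import hmac
from enum import Enum

class FileType(Enum):
    DATA = "data"
    KEY = "key"
    COUNTER = "counter"

# Access table from the claims: True = conditional access, False = no access.
MATRIX = {
    ("read", FileType.DATA): True, ("write", FileType.DATA): True,
    ("read", FileType.KEY): False, ("write", FileType.KEY): True,
    ("read", FileType.COUNTER): True, ("write", FileType.COUNTER): True,
}

class Token:
    """Toy model of the claimed token (hypothetical names, not patent firmware)."""
    def __init__(self, button_pressed):
        # Models the input device on a path distinct from USB: the callable is
        # fixed at construction and no host command can replace or set it.
        self._button_pressed = button_pressed
        self._files = {}    # name -> (FileType, bytes)
        self.prompts = []   # text the output device (LED/LCD) would present

    def provision(self, name, ftype, content):
        self._files[name] = (ftype, content)

    def _user_authorizes(self, op, name):
        self.prompts.append(f"{op} {name}: press button to authorize")
        return bool(self._button_pressed())

    def handle(self, cmd):
        """Process one host command, a dict standing in for a USB message."""
        op, name = cmd.get("op"), cmd.get("file")
        if not isinstance(name, str) or name not in self._files:
            return {"status": "no_such_file"}
        ftype, content = self._files[name]
        is_key = ftype is FileType.KEY  # is the affected data designated private?
        if op in ("read", "write"):
            if not MATRIX[(op, ftype)]:
                return {"status": "no_access"}
            if is_key and not self._user_authorizes(op, name):
                return {"status": "not_authorized"}
            if op == "read":
                return {"status": "ok", "data": content}
            data = cmd.get("data")
            if not isinstance(data, bytes):
                return {"status": "bad_command"}
            self._files[name] = (ftype, data)
            return {"status": "ok"}
        challenge = cmd.get("challenge")
        if op != "auth" or not is_key or not isinstance(challenge, bytes):
            return {"status": "bad_command"}
        if not self._user_authorizes(op, name):
            return {"status": "not_authorized"}
        # Assumption: HMAC-SHA-256 stands in for the unspecified hash function.
        digest = hmac.new(content, challenge, hashlib.sha256).hexdigest()
        return {"status": "ok", "response": digest}

if __name__ == "__main__":
    token = Token(button_pressed=lambda: False)  # nobody touches the token
    token.provision("signing.key", FileType.KEY, b"constructed-sample-key")
    print(token.handle({"op": "auth", "file": "signing.key", "challenge": b"n1"}))
```

Extra fields a host adds to a command, such as a self-asserted "authorized" flag, are ignored because handle() consults only the button callable.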